mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Fixed a bug in lockable wherein when a user tries to login with correct password after being locked,
failed attempts count gets reset. When the user tries to login with an incorrect password next, the message shown is for invalid password instead of locked account since this check depended mainly on failed attempts count.
This commit is contained in:
parent
f712d07b23
commit
e2030a740d
3 changed files with 37 additions and 12 deletions
|
@ -79,7 +79,7 @@ module Devise
|
|||
# if the user can login or not (wrong password, etc)
|
||||
unlock_access! if lock_expired?
|
||||
|
||||
if super
|
||||
if super && !access_locked?
|
||||
self.failed_attempts = 0
|
||||
save(:validate => false)
|
||||
true
|
||||
|
|
|
@ -92,13 +92,6 @@ class LockTest < ActionController::IntegrationTest
|
|||
assert_not warden.authenticated?(:user)
|
||||
end
|
||||
|
||||
test "user should not be able to sign in when locked" do
|
||||
user = sign_in_as_user(:locked => true)
|
||||
assert_template 'sessions/new'
|
||||
assert_contain 'Your account is locked.'
|
||||
assert_not warden.authenticated?(:user)
|
||||
end
|
||||
|
||||
test "user should not send a new e-mail if already locked" do
|
||||
user = create_user(:locked => true)
|
||||
user.failed_attempts = User.maximum_attempts + 1
|
||||
|
@ -113,10 +106,29 @@ class LockTest < ActionController::IntegrationTest
|
|||
|
||||
test 'error message is configurable by resource name' do
|
||||
store_translations :en, :devise => {
|
||||
:failure => { :user => { :locked => "You are locked!" } }
|
||||
:failure => {:user => {:locked => "You are locked!"}}
|
||||
} do
|
||||
user = sign_in_as_user(:locked => true)
|
||||
assert_contain 'You are locked!'
|
||||
|
||||
user = create_user(:locked => true)
|
||||
user.failed_attempts = User.maximum_attempts + 1
|
||||
user.save!
|
||||
|
||||
sign_in_as_user(:password => "invalid")
|
||||
assert_contain "You are locked!"
|
||||
end
|
||||
end
|
||||
|
||||
test "user should not be able to sign in when locked" do
|
||||
store_translations :en, :devise => {
|
||||
:failure => {:user => {:locked => "You are locked!"}}
|
||||
} do
|
||||
|
||||
user = create_user(:locked => true)
|
||||
user.failed_attempts = User.maximum_attempts + 1
|
||||
user.save!
|
||||
|
||||
sign_in_as_user(:password => "123456")
|
||||
assert_contain "You are locked!"
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -157,7 +169,7 @@ class LockTest < ActionController::IntegrationTest
|
|||
|
||||
test "when using json to ask a unlock request, should not return the user" do
|
||||
user = create_user(:locked => true)
|
||||
post user_unlock_path(:format => "json", :user => {:email => user.email})
|
||||
post user_unlock_path(:format => "json", :user => {:email => user.email})
|
||||
assert_response :success
|
||||
assert_equal response.body, {}.to_json
|
||||
end
|
||||
|
|
|
@ -23,6 +23,19 @@ class LockableTest < ActiveSupport::TestCase
|
|||
assert_equal 0, user.reload.failed_attempts
|
||||
end
|
||||
|
||||
test "should increment failed_attempts on successfull validation if the user is already locked" do
|
||||
user = create_user
|
||||
user.confirm!
|
||||
|
||||
swap Devise, :maximum_attempts => 2 do
|
||||
3.times { user.valid_for_authentication?{ false } }
|
||||
assert user.reload.access_locked?
|
||||
end
|
||||
|
||||
user.valid_for_authentication?{ true }
|
||||
assert_equal 4, user.reload.failed_attempts
|
||||
end
|
||||
|
||||
test "should not touch failed_attempts if lock_strategy is none" do
|
||||
user = create_user
|
||||
user.confirm!
|
||||
|
|
Loading…
Reference in a new issue